# # spec file for package struts # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild # icecream 0 %if 0%{?sle_version} > 150100 || 0%{?rhel} %define commons_digester apache-commons-digester %define commons_fileupload apache-commons-fileupload %else %define commons_digester jakarta-commons-digester %define commons_fileupload jakarta-commons-fileupload %endif Name: struts BuildRequires: ant-apache-oro BuildRequires: ant-apache-regexp %if 0%{?suse_Version} BuildRequires: ant-nodeps BuildRequires: ant-trax %endif BuildRequires: antlr BuildRequires: javapackages-tools BuildRequires: apache-commons-beanutils BuildRequires: %{commons_digester} BuildRequires: %{commons_fileupload} BuildRequires: apache-commons-logging BuildRequires: (jakarta-commons-validator or apache-commons-validator) BuildRequires: apache-commons-collections BuildRequires: (oro or jakarta-oro) BuildRequires: servletapi5 BuildRequires: unzip %if 0%{?suse_version} BuildRequires: update-alternatives %else BuildRequires: chkconfig %endif BuildRequires: xalan-j2 BuildRequires: java-devel >= 1.6.0 BuildRequires: fdupes %define name struts %define full_name jakarta-%{name} %define version 1.2.9 %define release 2jpp %define tomcatdir tomcat %if 0%{?rhel} %global tomcatrootdir %{_datadir}/%{tomcatdir} %else %global tomcatrootdir /srv/%{tomcatdir} %endif %global tomcatappsdir %{tomcatrootdir}/webapps %define tomcatctxdir %{_sysconfdir}/%{tomcatdir}/Catalina/localhost %define section free %define webapps blank documentation example examples tiles-documentation %define webapplibs commons-beanutils commons-digester commons-fileupload commons-validator oro struts %define jdkmajorver 1.4 %define legacyver 1.0 Version: 1.2.9 Release: 162.43.11 Summary: Web application framework License: Apache-2.0 Group: Development/Libraries/Java Source0: struts-1.2.9-src.tar.bz2 Source3: tomcat5-context-allowlinking.xml Patch0: build-webapps.xml-entity-lookup.patch Patch1: jakarta-struts-CVE-2008-2025.patch Patch2: bug-875455_struts-1.2.9-CVE-2014-0114.patch Patch3: struts-1.2.9-javac-encoding.patch Url: http://jakarta.apache.org/struts/ Requires: servlet Recommends: jdbc-stdext Requires: (apache-commons-beanutils or jakarta-commons-beanutils >= 1.6.1) Requires: %{commons_digester} >= 1.5 Requires: %{commons_fileupload} >= 1.0 Requires: (apache-commons-validator or jakarta-commons-validator >= 1.0.2) Requires: (oro >= 2.0.7 or jakarta-oro) Group: Development/Libraries/Java BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists. Struts includes the following primary areas of functionality: A controller servlet that dispatches requests to appropriate Action classes provided by the application developer. JSP custom tag libraries, and associated support in the controller servlet, that assists developers in creating interactive form-based applications. Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages. Struts is part of the Jakarta Project, sponsored by the Apache Software Foundation. %package manual License: Apache-2.0 Summary: Maual for struts Group: Development/Libraries/Java %description manual Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. This package contains the manual for Struts. %package webapps-tomcat License: Apache-2.0 Summary: Sample struts webapps for tomcat Group: Development/Libraries/Java Requires: %{name} = %{version}-%{release} Requires(pre): tomcat Provides: webapps-tomcat6 = %{version} Obsoletes: webapps-tomcat6 < %{version} %description webapps-tomcat Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. This package contains sample webapps built with Struts for the Jakarta Tomcat web application server. %prep rm -rf %{buildroot} %setup -n %{name}-%{version}-src -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %build #%%if 0%{?rhel} export JAVA_HOME=%{_jvmdir}/java-11 #%%endif java -version mkdir lib CLASSPATH=$(build-classpath \ xml-commons-apis \ jaxp_parser_impl \ jaxp_transform_impl \ xalan-j2-serializer \ glibj \ servletapi5 \ apache-commons-collections \ jspapi ) \ ant -Dcommons-beanutils.jar=$( build-classpath commons-beanutils ) \ -Dcommons-collections.jar=$( build-classpath apache-commons-collections ) \ -Dcommons-digester.jar=$( build-classpath %{commons_digester} ) \ -Dcommons-fileupload.jar=$(build-classpath %{commons_fileupload} ) \ -Dcommons-logging.jar=$( build-classpath commons-logging ) \ -Dcommons-validator.jar=$( build-classpath commons-validator ) \ -Djakarta-oro.jar=$( build-classpath oro ) \ -Dantlr.jar=$( build-classpath antlr ) \ -Dstruts.el.home=contrib/struts-el -Dfile.encoding="UTF-8" \ -Dant.build.javac.source=8 -Dant.build.javac.target=8 \ all %install # jars install -d -m 755 %{buildroot}%{_javadir} install -m 644 target/library/%{name}.jar %{buildroot}%{_javadir}/%{name}-%{version}.jar (cd %{buildroot}%{_javadir} && for jar in *-%{version}*; do ln -sf ${jar} ${jar/-%{version}/}; done) # data install -d -m 755 %{buildroot}%{_datadir}/%{name} install -m 644 target/library/*.tld %{buildroot}%{_datadir}/%{name} install -m 644 target/library/*.dtd %{buildroot}%{_datadir}/%{name} # tomcat 6 webapps install -d -m 755 %{buildroot}%{tomcatappsdir} install -d -m 755 %{buildroot}%{tomcatctxdir} for webapp in %{webapps}; do cp -pr target/$webapp %{buildroot}%{tomcatappsdir}/%{name}-$webapp cat %{SOURCE3} | sed -e "s/@@@APPNAME@@@/$webapp/g;" > %{buildroot}%{tomcatctxdir}/%{name}-$webapp.xml # XXX: move to %%post/preun for jar in %{webapplibs}; do (cd %{buildroot}%{tomcatappsdir}/%{name}-$webapp/WEB-INF/lib \ && ln -sf ../../../../../..%{_javadir}/$jar.jar .) done (cd %{buildroot}%{tomcatappsdir}/%{name}-$webapp/WEB-INF \ && for tld in %{buildroot}%{_datadir}/%{name}/*.tld; do ln -srf $tld `basename $tld`; done) done %fdupes -s %{buildroot} %clean rm -rf %{buildroot} %files %defattr(-,root,root) %doc INSTALL README %{_javadir}/* %{_datadir}/%{name} %files manual %defattr(-,root,root) %doc target/documentation/*.html %doc target/documentation/*.gif %doc target/documentation/uml %doc target/documentation/userGuide %doc target/documentation/images %files webapps-tomcat %defattr(-,tomcat,tomcat) %dir %{tomcatrootdir} %dir %{tomcatrootdir}/webapps %dir %{_sysconfdir}/%{tomcatdir} %dir %{_sysconfdir}/%{tomcatdir}/Catalina %dir %{_sysconfdir}/%{tomcatdir}/Catalina/localhost %{tomcatappsdir}/%{name}-blank %{tomcatappsdir}/%{name}-documentation %{tomcatappsdir}/%{name}-example %{tomcatappsdir}/%{name}-examples %{tomcatappsdir}/%{name}-tiles-documentation %{tomcatctxdir}/%{name}-*.xml %changelog * Thu May 25 2023 Stefan Bluhm - Force Java 11 build for Enterprise Linux 9. - Made Tomcat folder OS dependent. - Replace usage of RPM_BUILD_ROOT variable with buildroot macro. * Mon Dec 14 2020 Stefan Bluhm - Updated for RHEL build. * Sat Jan 11 2020 Michael Calmer - change dependency to apache-commons-fileupload and apache-commons-digester * Thu Nov 2 2017 jgonzalez@suse.com - Fix build with java9 - Disable javadoc (broken for java9/SLE15) * Fri Sep 18 2015 mc@suse.de - rename struts-webapps-tomcat6 to struts-webapps-tomcat since we use tomcat8 now - remove creating the tomcat user (bsc#946335) - pre require tomcat for struts-webapps-tomcat * Tue Jul 8 2014 dmacvicar@suse.de - add apache-commons-collections to dependencies and include it in CLASSPATH * Tue Jul 1 2014 dmacvicar@suse.de - commons-beanutils and commons-logging from jakarta to apache - build with java-devel (not java-1_4-compat-devel) - use SPDX license names * Tue May 20 2014 stokos@suse.de - bug-875455_struts-1.2.9-CVE-2014-0114.patch: Fixed ActionForm classloader code injection problem. (bnc#875455 CVE-2014-0114) * Thu Apr 2 2009 mvyskocil@suse.cz - fixed CVE-2008-2025 (bnc#385273) - fdupes usage * Thu Mar 20 2008 anosek@suse.cz - struts-webapps-tomcat now depends on tomcat6 * Mon Sep 3 2007 anosek@suse.de - removed tomcat55 from BuildRequires because of cyclic dependency * Tue Aug 21 2007 anosek@suse.cz - fixed unresolvable dependency: struts-webapps-tomcat5 -> tomcat5 [#297708] * added tomcat55 to Requires and BuildRequires * changed files locations to fit tomcat55 directory structure * don't pack directories which are already owned by tomcat55 package * Wed May 2 2007 dbornkessel@suse.de - added unzip to BuildRequires * Thu Jan 11 2007 dbornkessel@suse.de - big update from 1.2.4 to 1.2.9, which fixes a lot of issues: 1.2.9: - TagUtils doesn't create XHTML compliant URLs using forwards defined with redirect="true". - Add EventDispatchAction and EventActionDispatcher. - Javascript tag does not work on Mozilla. - XSS vulnerability in LookupDispatchAction. - DOS attack, application hack. - Validation always skipped with Globals.CANCEL_KEY. - struts-el html tag library errorKey not using documented default value. 1.2.8: - Escape newlines in Validator variables. - Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode. - Fix for Struts XSS Vulnerability - remove uri from error messages. - Remove I18nFactorySet copied code. - Provide config option to turn off MessageResources escape processing. - Fix bug where non-resource action messages only work for the first message in the messages list. - Correct link on the acquiring page to the maven generated nightly builds. - Update TagUtils to provide a more specific error message where properties on a formbean are not found. - Update to the HTML tag library docs. - Update tag library configuration docs for Servlet 2.4. - Filter html sensitive characters in the tag's value. - tag logic updated to be more efficient with use of iterators. - Add better error reporting to tag. - Add warning to ActionMapping.findForward() method if not found. - Add comment regarding jdbc20ext.jar and JDK to build.properties.sample. - Add no-arg constructor to ModuleConfigImpl. 1.2.7: - Prevent NullPointerException when toString() is called before dynaClass is initialized. - Retrieve FormTag stored in Request scope, rather than the TagSupport's findAncestorWithClass() . - Fixing value escape so that both backslashes and quotes are escaped correctly. - Additional fix to "Invalid cache in InsertTag" for a problem on Orion. - Fix cactus tests to work with Cactus 1.7. - Page attribute of img and image tags doesn't use pagePattern setting. - BeanValidatorForm's getValidationKey method should call mapping.getAttribute(). - Add ActionDispatcher to provide dispatch behavior to classes that do not extend DispatchAction. - Add a check for null page value and throwing more informative exception. - Add a check for missing Validator Resources and throw a more useful error message. - LogonAction does not check errors in appropriate place. - Add TilesRequestProcessor handling for NoSuchDefinitionException. - Implement Servlet 2.3/2.4 methods using reflection in MultipartRequestWrapper. - Synchronize the Nested tag attributes for changes made in Bug #17708 and Bug #21603. - Resolve ClassCastException when a non String paramId value already exists in the params map. - Allow saving errors to the session in the same way that messages are. - Change JavascriptValidatorTag to escape double quotes in variable values. - Change DigestingPlugIn to give an explicit message when configSource/configPath yields a null URL. - Automatic readonly/disabled settings using new tag attributes. - Resolve HTML Link Tag not working with JSTL Loop Tag. - Improve ValidWhen Exception Handling - exceptions are now logged and validation fails returning an error message with details of the error. - A validwhen examples page and validation resource/bundles example pages (Server Side and JavaScript) have been added to the struts-examples webapp. - Commons Validator dependency changed to version 1.1.4. - Add "bundle" attribute to El version of JavascriptValidatorTag. - Resolve #21760 Support for non-default resource bundles in validation. Resolve #18169 Resource attribute of msg tag in the validation.xml doesn't work. - Fix invalid XML in the struts-doc-config.xml file in the Tiles Documentation webapp. - Add doubleRange validator to the validator-rules.xml - Name attribute is no longer rendered in the tag if the rendering mode is XHTML. - JavaDoc corrections. - Fix @link() tags - Add ActionRedirect class to allow adding request parameters to redirecting forwards. - Resolve memory leaks with JBoss 3.x +(Tomcat/Jetty). - Change DownloadAction to use supplied buffer size. - Sync up the EL tags with their non-EL counterparts. This adds the 'bundle' attribute to many tags, and also the 'error*' attributes, and 'header', 'footer', 'prefix' and 'suffix' for the Errors tag. - Change ModuleException to ensure all constructors invoke super. Resolve #32504 - document the means used to format values in the tag. Resolve #32016 - wrap the hidden token field in a
element for HTML 4.01 Strict compliance. - Remove use of "enum" as its a keyword in Java 5. 1.2.6: - Resolve always include Session id (if any) even for external Urls (href attribute) - Two slashes created by TagUtils.getActionMappingURL for webapps in root context - Add a warning to reset FormFile - Shale mailreader example should define the servlet version as 2.4 - Changes to update maven build after SVN layout re-org. - Remove redundant definitions of maven.repo.central and maven.repo.central.directory - Added ability to load struts, validator, and tiles config files from classloader if not found in the servlet context. - Better handling of servlet initialization errors to mark the servlet as unavailable and notify the developer of the probable cause. - Add missing base class for Shale test cases. - Must use contextRelative to forward to Actions in Default module. - Subversion repository rearranged into separate core, el, faces and sandbox subprojects. - Validator validwhen documentation typo. - DigestingPlugIn can't load a digester rule file. - "Created" boolean in FacesRequestProcessor.doForward() not being set - Improve TagUtils.filter() performance. - Add LazyValidatorForm - Change BeanUtils dependency to 1.7.0, Digester dependency to 1.6 and remove Collections Dependency - Add "actions/DownloadAction.java", an abstract action that provides the nuts and bolts for downloading files. - Document that if a link to a forward is used to switch modules, the path must point to an action. - Message resources file in Struts Blank is misplaced. [55584] Update README with new layout. - Using a tiles definition as errorPage causes infinite looping - NullPointerException in ActionServlet - Implement Serializable on ActionServletWrapper - Add documentation to base chain-config.xml to help Tiles users. - Document the default value for "scope" on an element in the DTD for a struts-config.xml file (along with all the other documentation). 1.2.5: - Remove dependency on commons-lang. - Move Struts-Faces from "contrib" to the trunk. - Add header,footer,prefix,suffix attributes to ErrorsTag. - Have Tiles ControllerSupport execute() call perform() for backward compatibility. To be removed after version 1.2. - Add validwhen test to compare two Strings containing numbers. - validwhen validator should do numeric compare when both items convertable to Integer. - Move repository to Subversion. - Better i18n and alternate bundle support for html tags. Add missing "bundle" attribute to tld for html tags. Tags affected are ButtonTag, CancelTag, CheckboxTag, FileTag, FrameTag, HiddenTag, LinkTag, MultiboxTag, PasswordTag, RadioTag, ResetTag, SelectTag, SubmitTag,TextTag, TextareaTag. Also added a test for the bundle attribute for each of the above tags. - Add missing nested tag attributes. Resolve #31212 "nested:link module attribute not specified in tld". Resolve #20417 "Attribute idName not declared for NestedRadioTag". - Forward path in Validator struts-config.xml in struts-examples incorrect - Refactor some of the HTML tags make extending them easier. - * added prepareOtherAttributes() method - * added prepareName() method - * use getters rather than instance variables - * refactored SubmitTag - ButtonTag, CancelTag and ResetTag now inherit from SubmitTag. * Thu Sep 28 2006 skh@suse.de - add xalan-j2 to BuildRequires and xalan-j2-serializer.jar to build classpath - don't use icecream - use source="1.4" and target="1.4" for build with java 1.5 * Wed May 24 2006 dbornkessel@suse.de - changed hard requirement on jdbc-stdext to 'Recommends', as it is not available on some platforms (s390[x]) Bug 177909 * Thu Apr 27 2006 dbornkessel@suse.de - backported struts security fixes from 1.2.9 -> 1.2.4 Struts bugs: * Bug 38374 - Validation always skipped with Globals.CANCEL_KEY. * Bug 38534 - DOS attack, application hack. * Bug 38749 - XSS vulnerability in LookupDispatchAction. Novell bug: 162429 * Mon Apr 24 2006 dbornkessel@suse.de - bug #140311 fix (file list changed) * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Wed Sep 28 2005 dmueller@suse.de - add norootforbuild * Mon Mar 14 2005 skh@suse.de - use correct tomcat5 directories for webapps (#63194) * Tue Feb 22 2005 skh@suse.de - update to version 1.2.4 * Sun Sep 5 2004 skh@suse.de - Initial package created with version 1.1 (JPackage 1.5)